ConectivaCVEs & Vulnerabilities

66 CVEs affecting Conectiva products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

linux 166
CVE-2001-1375MEDIUM

tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.

19 Jul 2001
4.6
CVSS
CVE-2001-0439HIGH

licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

2 Jul 2001
7.5
CVSS
CVE-2001-0440HIGHpoc

Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.

2 Jul 2001
7.5
CVSS
CVE-2001-0473HIGH

Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

27 Jun 2001
7.5
CVSS
CVE-2001-0178LOW

kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

26 Mar 2001
2.1
CVSS
CVE-2001-0170LOWpoc

glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.

26 Mar 2001
2.1
CVSS
CVE-2001-0128HIGH

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

12 Mar 2001
7.2
CVSS
CVE-2001-0136MEDIUMpoc

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

12 Mar 2001
5.0
CVSS
CVE-2000-1095HIGHpoc

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

9 Jan 2001
7.2
CVSS
CVE-2000-1134HIGHpoc

Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.

9 Jan 2001
7.2
CVSS
CVE-2000-0844CRITICALpoc

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

14 Nov 2000
10.0
CVSS
CVE-2000-0701MEDIUM

The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.

20 Oct 2000
4.6
CVSS
CVE-2000-0715LOW

DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.

20 Oct 2000
2.1
CVSS
CVE-2000-0747CRITICAL

The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.

20 Oct 2000
10.0
CVSS
CVE-2000-0667LOW

Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service.

27 Jul 2000
3.6
CVSS
CVE-2000-0668MEDIUMpoc

pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.

27 Jul 2000
5.0
CVSS
CVE-2000-0633LOW

Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.

18 Jul 2000
2.1
CVSS
CVE-2000-0666CRITICALpoc

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

16 Jul 2000
10.0
CVSS
← PrevPage 2 / 2Next →